Title:Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary...

Description:Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.

Title:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.

Description:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.

Title:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.

Description:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.

Title:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.

Description:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.

Title:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.

Description:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.

Description:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.

Title:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi-port line card, which could allow remote attackers to bypass the intended access...

Description:Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi-port line card, which could allow remote attackers to bypass the intended access controls.

Description:All versions of WU-FTPD allow an attacker to cause heap corruption through a vulnerability in the glob function. That function fails to properly signal an error to its caller, and the ftpglob function fails to set the globerr variable under certain situations. The attacker can send a command followed by a tilde and open bracket characters to the FTP server, causing a corruption of the process memory space. This allows the execution of arbitrary code on the system with root privileges. In order to detect the vulnerability, the following checks should be enabled in the ISS Protection Platform: WuftpGlobHeapCorruption, wuftp-glob-heap-corruption. For a virtual patch, enable the following check in the ISS Protection Platform: FTP_Glob_TildeBrace_Vulns. Block or restrict port 21 in the ISS Protection Platform. For more information on how to do manual protection see: http://xforce.iss.net/xforce/xfdb/7611

Title:Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the...

Description:Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.

Description:SSH protocol version 1 has various vulnerabilities; it should be disabled and only version 2 clients should be allowed to connect. For more information, visit: http://www.ssh.com/company/newsroom/article/210/

Title:Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges.

Description:Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges.

Title:Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.

Description:Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.

Title:Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.

Description:Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.

Description:A vulnerability was reported in TYPSoft’s FTP Server, where remote users can cause the server to crash. There is currently no solution to the vulnerability. If a remote user accesses the FTP service and sends a STOR or RETR command of the following form, the FTP server goes into a denial of service condition since it will consume nearly all CPU resources: RETR ../../* or STOR ../../*

Title:Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allow remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop...

Description:Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allow remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.

Title:Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.

Description:Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.

Title:The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.

Description:The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.

Description:The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.

Description:There exists a vulnerability in WS_FTP server, allowing a remote user to execute arbitrary code on the server with system privileges. This is due to a buffer overflow that can be triggered by a valid remote user or an anonymous user. A patch has been released by the vendor, which is available at: http://www.ipswitch.com/support/ws_ftp-server/patch-upgrades.asp. The commands used to create a buffer overflow are: DELE, MDTM, MLST, MKD, RMD, RNFR, RNTO, SIZE, STAT, XMKD, and XRMD. Executing one of these commands with an argument longer than 478 bytes will cause such a buffer overflow. A remote user may also send several NULL characters, causing WS_FTP to consume 100% of the CPU resources, thus causing it to crash.

Title:SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such...

Description:SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.

Title:HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

Description:HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

Title:Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.

Description:Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.

Description:SurgeFTP Server version 2.0a is prone to a vulnerability where a remote attacker can traverse directories by issuing an NLIST command followed by a ‘dot dot’ (/../) sequence. The attacker will be able to view any file on the server. This vulnerability can be resolved by upgrading to the latest version, i.e. 20.b or later, which can be found at: http://www.netwinsite.com/surgeftp/

Title:SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This...

Description:SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force the pre-shared keys with significantly fewer resources than if the full 128 byte IKE pre-shared keys were used.

Description:Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.

Title:Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several...

Description:Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

Description:Broker FTP Server 5.9.5.0 is prone to two vulnerabilities: a buffer overflow, which may cause a denial of service (DoS) condition, and a directory traversal, where an attacker will be able to look through the files and folders of a system. There is currently no solution for either of these vulnerabilities. The buffer overflow can be generated by repeatedly sending the following command: CWD . . or CD . . (for an FTP client). An attacker could also add some more spaces between the dots for a worse effect. The server will add these directory paths to the current path, causing a DoS condition after a certain bound has been reached. One can go through the contents of a drive available on the system by first going to the home directory and then typing the following command: CD C: or CD C:\ One can then use the LS command to go through the available files. Although one will be able to go through the files available, it is not possible to send or receive files.

Description:There exists a vulnerability in GuildFTPd version 0.97 known as a directory traversal. This allows anyone with a valid FTP login to read arbitrary files on the system. In order to resolve this problem one will have to upgrade the FTP server to a later version. The commands which cause the directory traversal are: CD ../, CD .../, CD /.../, CD C:\ and others. All of these commands give the ‘550 Access denied’ error.

Title:Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

Description:Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

Description:FTPXQ FTP Server 2.0.93 is prone to a vulnerability known as directory traversal, where remote attackers can read arbitrary files via a .. (dot dot) in the GET command. An attacker will thus have the ability to view any file on a remote computer. There is currently a fix available for this vulnerability.

Description:TYPSoft’s FTP server is prone to a vulnerability where a remote user can obtain a listing of the files located on the same drive as the FTP server. This vulnerability has been solved with the new fixed version 0.97.5, which is available at the vendor’s web site at: http://www.typsoft.com/ Some examples of FTP commands which cause the crash are: ls ../../*.* and ls "../../My%20files/*.*"

Title:Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.

Description:Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.

Description:A vulnerability exists in the following FTP servers: Serv-U FTP Server, G6 FTP Server and WarFTPd Server. Repeatedly submitting an ‘a:/’ with the GET or RETR command, appended with arbitrary data, will cause a denial of service, since the CPU usage will go up to 100%. There are no solutions or vendor-supplied patches for this vulnerability.

Description:Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.

Description:BIND is a server program which uses the domain name service protocol, and is used by many DNS servers. BIND version 8 contains an overflow, allowing remote attackers to execute code with root privileges. An upgrade to BIND version 9.1.0 or installing vendor-supplied fixes is recommended. These are available at http://www.securityfocus.com/bid/2302/solution. The overflow allows some memory locations to be overwritten by known values when invalid transaction signatures are being handled. When using UDP a stack frame in BIND can be overwritten, while when using TCP the heap can be overwritten.

Description:BIND is a Domain Name Service (DNS) used for converting hostnames into the corresponding IP addresses. Since they are used for Internet purposes, DNS servers are a popular target for attackers. A number of servers currently in production are outdated, misconfigured and/or vulnerable, making them more prone to attacks such as denial of service, buffer overflows, etc. Outdated and/or unpatched versions of BIND are most likely vulnerable, so anyone running BIND should ensure that it is the latest version. The current three main versions of BIND are 4, 8, and 9. In order to solve such a vulnerability, one should apply all vendor patches or else upgrade to the latest version.

Description:Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks.